City of Seattle Information Security Newsletter

Global Credit Card Ring

Thu 17 June 2010 11:00:00 +0000

Police in 12 countries have arrested 178 individuals linked to an international credit card fraud ring. According to a statement from the Spanish Interior Ministry, the arrests were the result of a two-year investigation that included 84 raids carried out in France, Italy, Germany, Ireland, Romania, Australia, Sweden, Greece, Finland, Hungary and the United States.

Next-Gen Crime App

Thu 17 June 2010 11:00:00 +0000

Banks in Russia and Ukraine are under continued siege by criminal gangs wielding a sophisticated, next-generation exploitation kit that hacks the financial institutions' authentication system and then hits it with a denial-of-service attack.

Feds Block Sale

Thu 17 June 2010 11:00:00 +0000

AOL's sale of ICQ messaging software to Russian firm Digital Sky Technologies might yet be blocked by US authorities, which fear losing access to transcripts from the criminal fraternity's favoured messaging product.

Linux Malware

Mon 14 June 2010 10:30:00 +0000

I've got good news and bad news for those of the misguided perception that Linux is somehow impervious to attack or compromise.

Alert for XP users

Mon 14 June 2010 10:30:00 +0000

Microsoft is warning Windows XP and Server 2003 users that exploit code has been posted online showing attackers how to break into these operating systems remotely via a newly-discovered security flaw.

Red Condor

Mon 14 June 2010 10:30:00 +0000

Scammers using spoofed brands, social engineering, and phishing tactics to distribute malware on PCs via drive-by download.

iPad Breakin

Fri 11 June 2010 11:30:00 +0000

The harvesting of over 100,000 iPad 3G owners' e-mail addresses was not a hack or a classic data breach, but a brute force attack of a minor feature AT&T offered to Apple customers, experts said Wednesday.

Adobe Flash Update

Fri 11 June 2010 11:30:00 +0000

Adobe Flash Update Plugs 32 Security Holes

Safari 5

Wed 09 June 2010 14:00:00 +0000

Apple launches Safari 5, patches record 48 bugs.

Zeus Trojan

Wed 09 June 2010 14:00:00 +0000

ZeuS Trojan Attack Spoofs IRS, Twitter, Youtube

Botnet Posers

Fri 04 June 2010 09:30:00 +0000

Tens of thousands of bots are cracking CAPTCHAs and joining websites in order to steal information, extort money

Infected Computers

Fri 04 June 2010 09:30:00 +0000

Attempts to infect computers has increased more than 25 percent according to Kaspersky Lab. In the first three months of 2010, more than 327 million attempts were made to infect user computers in a variety of countries around the globe. From the previous quarter, this is an increase of 26.8 percent.

ATM Skimmers

Fri 04 June 2010 09:30:00 +0000

ATM skimmers (fraud devices that criminals attach to cash machines in a bid to steal and ultimately clone customer bank card data) are marketed on a surprisingly large number of open forums and Web sites. For example, ATMbrakers operates a forum that claims to sell or even rent ATM skimmers. Tradekey.com, a place where you can find truly anything for sale, also markets these devices on the cheap.

Patch Tuesday

Fri 04 June 2010 09:30:00 +0000

Microsoft today said it will deliver 10 security updates next week to patch a record-tying 34 vulnerabilities in Windows, Internet Explorer, Office and SharePoint.

Online Reputation

Wed 02 June 2010 10:45:00 +0000

Social networking, and the broader concept of online privacy, have been under some rather intense scrutiny over the past couple of weeks. The issues at Google--voracious indexer of all things Internet, and Facebook--the largest social network and number one most visited site (according to Google) have made many users more acutely aware of what information is available about them on the Internet. However, your online reputation is being used in ways you may not be aware of, and could cost you.

MAC Spyware

Wed 02 June 2010 10:45:00 +0000

Intego, makers of security and privacy apps for the Mac, warned on Tuesday that some Mac software include a new piece of invasive spyware. Macworld has obtained a preliminary list of the applications with the spyware.

SuperComputer Rankings

Wed 02 June 2010 10:45:00 +0000

China has finally achieved its ambition of becoming a calculating superpower with news that one of the country's supercomputers is now the second most powerful number-cruncher on earth.

Tab Phishing

Wed 26 May 2010 10:00:00 +0000

A researcher has found a new method for carrying out phishing attacks that takes advantage of the way that browsers handle tabbed browsing and enables an attacker to use a script running in one tab to completely change the content in another tab, according to ThreatPost.

Rootkit Threat

Wed 26 May 2010 10:00:00 +0000

With nearly 2 million infected systems cleaned, the nefarious Alureon rootkit comes out on top. Since it first appeared in 2006, Alureon (known in various incarnations as TDSS, Zlob, or DNSChanger) has morphed into a mean money-making marvel: a varied collection of Trojans most famous for their ability to invisibly take control of a PC's interactions with the outside world.

Bugs and Fixes

Mon 24 May 2010 12:30:00 +0000

The bugs keep marching in, with Microsoft, McAfee, and Mozilla all having to deal with serious security-related software problems in the past month.

Poisoned PDFs

Mon 24 May 2010 12:30:00 +0000

Attacks employing poisoned PDF files have leaped to the top of the threat list, according to statistics from major security companies. Symantec reports that suspicious PDF files skyrocketed in 2009 to represent 49 percent of Web-based attacks that the company detected, up from only 11 percent in 2008. The next-most-common attack, involving a good old Internet Explorer flaw, was far behind at 18 percent.

Typhoid Adware

Mon 24 May 2010 12:30:00 +0000

There's a potential threat lurking in your Internet cafe, say University of Calgary computer science researchers: Typhoid adware.

Bugnet spies

Mon 24 May 2010 12:30:00 +0000

Imagine sitting in a cafe and discussing the details of a business proposal with a potential client. Neither you nor the client has a laptop; you're just two people having a conversation. But unbeknownst to you, someone half a world away is listening to every word you say. Later, as you leave, you receive a text message referring to the proposal and demanding money in exchange for silence.

IBM red-faced

Fri 21 May 2010 13:00:00 +0000

The company was forced to write to delegates apologising for its error. "At the AusCERT conference this week, you may have collected a complimentary USB key from the IBM booth. Unfortunately we have discovered that some of these USB keys contained malware and we suspect that all USB keys may be affected."

Twitter worm abuses iPhone

Fri 21 May 2010 13:00:00 +0000

Twitter's new iPhone app is being used as a lure for a new worm attack that ultimately steals a victim's financial credentials.

Apple Update

Fri 21 May 2010 10:30:00 +0000

Apple has pushed out an update that fixes at least 30 security vulnerabilities in its version of Java for Mac OS X systems.

ATM skimmer

Fri 21 May 2010 10:30:00 +0000

Detectives with the Pasco County Sheriff's Office are searching for a pair who placed a skimming device and a pin-hole camera on a New Port Richey, Florida bank's ATM machine Saturday, May 15 in an attempt to steal ATM card account numbers and pin codes.

Oracle acquires Secerno

Fri 21 May 2010 10:30:00 +0000

Oracle will acquire Secerno, which makes firewall products for databases that protect against hackers and data breaches, the companies said Thursday.

USB worm named biggest PC threat

Wed 19 May 2010 11:45:00 +0000

A worm that is spreading via USB flash drives has been named the biggest security threat to PC users by McAfee.

Windows 7 bug

Wed 19 May 2010 11:45:00 +0000

Microsoft today warned users of a vulnerability in the 64-bit versions of Wndows 7 and Windows Server 2008 R2 that could be used to hijack systems.

VeriSign

Mon 19 May 2010 11:45:00 +0000

Security vendor Symantec Corp. is reported to be close to buying Internet infrastructure services vendor VeriSign Inc.'s security business for $1.3 billion.

Facebook IDs hacker who tried to sell 1.5M accounts

Wed 17 May 2010 9:30:00 +0000

Facebook has identified the hacker named Kirllos who tried to sell 1.5 million Facebook accounts recently in underground hacking forums.

Tool lets Twitter be used to control botnet

Wed 17 May 2010 9:30:00 +0000

The builder tool, dubbed Trojan.Twebot by Symantec, allows the creator to construct a copy of the trojan and specify a particular Twitter account to be associated with it.

IE6 past its expiration date

Mon 17 May 2010 9:30:00 +0000

Microsoft is urging users to dump the aged Internet Explorer 6 (IE6) with a campaign that claims the browser is past its expiration date.

Windows 7 compatibility checker is a Trojan

Wed 12 May 2010 9:15:00 +0000

Scammers are infecting computers with a Trojan horse program disguised as software that determines whether PCs are compatible with Windows 7. The attack was first spotted by BitDefender May 9 and is not yet widespread; the antivirus vendor is receiving reports of about three installs per hour from its users in the U.S. But because the scam is novel, it could end up infecting a lot of people due to the interest in Windows 7.

Microsoft, Adobe Push Critical Security Updates

Wed 12 May 2010 9:15:00 +0000

One of the critical updates pushed by Microsoft fixes a flaw in Outlook Express, Windows Mail and Windows Live Mail. On older versions of Windows (Windows XP for example) Outlook Express is installed by default, while Windows Mail and Windows Live Mail generally require users to affirmatively download and install the program.

Apple Gift Cards

Wed 12 May 2010 9:15:00 +0000

Hackers have constructed a bogus Web site designed to steal the account numbers and PINs of gift card holders. This latest consumer phishing scam uses a typosquatted Web site disguised as an official Apple site to trick users into entering their card numbers and PINs in order check the available balance on gift cards for Apple products. The scam is just the latest in a line of sophisticate phishing attacks that has security software companies and law-enforcement agencies urging consumers to take their time and pay close attention to where they are actually conducting transactions to avoid being ripped off.

Critical zero-day flaw found in Apple Safari browser

Mon 12 May 2010 9:15:00 +0000

A highly critical zero-day vulnerability has been discovered in Apples Safari web browser, according to Danish vulnerability tracking firm Secunia.

Microsoft plans two patches, no SharePoint fix

Fri 7 May 2010 12:00:00 +0000

Microsoft is planning a light patch load for next week, the software giant announced Thursday. Due to timing, the company was unable to produce a fix for a recently disclosed SharePoint vulnerability.

FTC warns against credit-card, interest-rate reduction scams

Tue 27 Apr 2010 16:00:00 +0000

U.S. consumers are being inundated with prerecorded robocalls from companies claiming they can negotiate lower credit-card interest rates - for a fee.

Backdoor malware targets Apple iPad

Tue 27 Apr 2010 16:00:00 +0000

Apple iPad users are being warned of an email-borne threat which could give hackers unauthorized access to the device.

Latest phishing scam hides behind BetterBusiness Bureau (BBB) name

Tue 27 Apr 2010 16:00:00 +0000

Scammers are taking the Better Business Bureau's name in vain, in yet anther version of the phishing scam, according to the agency's Pacific Northwest office.

Twitter issues alert about phishing scam

Tue 27 Apr 2010 16:00:00 +0000

Twitter issued a warning April 23 about phishing e-mails that tell users they have unread messages on the micro-blogging site.